Article Content

Article Number

000023481

Applies To

RSA Adaptive Authentication
Adaptive Authentication web services

Issue

MaximumDistance vulnerability
How to increase security for passphrase

Cause

The UniqueChars comparator is configured for a max distance of 3 on a minimum answer length of 4. This is weak because an attacker would need to guess just one of the characters in a four-character answer correctly. The same applies to the TypoDistance comparator.
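The following added example (not RSA code and not part of the original article) shows why a max distance of 3 on a four-character answer leaves one character to get right, and how to audit a distance/length pair. It assumes the comparator distance behaves like Levenshtein edit distance; the function names, the sample answer "blue", and the `required` floor are hypothetical.

```python
# Added illustration, not vendor code. Assumption: the typo-tolerant comparator
# measures distance the way Levenshtein edit distance does.

def edit_distance(a, b):
    """Dynamic-programming Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def accepts(stored, supplied, max_distance):
    """Fuzzy match: accept when the answers differ by at most max_distance edits."""
    return edit_distance(stored.lower(), supplied.lower()) <= max_distance


def guaranteed_correct_chars(min_length, max_distance):
    """Characters of the shortest allowed answer that must be right to pass."""
    return max(min_length - max_distance, 0)


def audit(min_length, max_distance, required=3):
    """Return findings for a (min_length, max_distance) pair; empty list means OK.
    `required` is a hypothetical policy floor, not a vendor default."""
    ok = guaranteed_correct_chars(min_length, max_distance)
    if ok < required:
        return ["max distance %d on min length %d leaves only %d character(s) "
                "that must match" % (max_distance, min_length, ok)]
    return []


if __name__ == "__main__":
    stored = "blue"  # constructed sample answer, four characters long
    for guess in ("bxyz", "wxyz"):
        print(guess, "dist=3:", accepts(stored, guess, 3),
              "dist=1:", accepts(stored, guess, 1))
    print(audit(4, 3) or "OK")   # the configuration described above
    print(audit(4, 1) or "OK")   # tighter distance on the same minimum length
```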

Resolution

To correct this issue, replace the present c-config-challeng*.xml file with the one included in the attached .ZIP package.